cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TIFFSetupStrips: enforce 2GB limitation of Strip/Tile Offsets/ByteCounts arrays

Browse Source 
TIFFWriteDirectoryTagData() has an assertion that checks that the
arrays are not larger than 2GB. So error out earlier if in that situation.
This commit is contained in:
Even Rouault 2020-02-01 18:11:08 +01:00
parent 7a335a32eb
commit 37a02ad493
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libtiff/tif_write.c
View File

@ -533,6 +533,13 @@ TIFFSetupStrips(TIFF* tif)
isUnspecified(tif, FIELD_ROWSPERSTRIP) ? isUnspecified(tif, FIELD_ROWSPERSTRIP) ?
td->td_samplesperpixel : TIFFNumberOfStrips(tif); td->td_samplesperpixel : TIFFNumberOfStrips(tif);
td->td_nstrips = td->td_stripsperimage; td->td_nstrips = td->td_stripsperimage;
/* TIFFWriteDirectoryTagData has a limitation to 0x80000000U bytes */
if( td->td_nstrips >= 0x80000000U / ((tif->tif_flags&TIFF_BIGTIFF)?0x8U:0x4U) )
{
TIFFErrorExt(tif->tif_clientdata, "TIFFSetupStrips",
"Too large Strip/Tile Offsets/ByteCounts arrays");
return 0;
}
if (td->td_planarconfig == PLANARCONFIG_SEPARATE) if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
td->td_stripsperimage /= td->td_samplesperpixel; td->td_stripsperimage /= td->td_samplesperpixel;
td->td_stripoffset_p = (uint64 *) td->td_stripoffset_p = (uint64 *)